Hey guys, it's imac here. Today we're going to talk about the AWS Certified Solutions Architect Professional exam, version 2020. I was able to pass the exam, the new version, about two weeks ago with a score of 800. This is a really, really hard and tough exam, yet rewarding and valuable. In a pro-level certification you will see questions are really, really long, they're hard, and they usually have a very, you know, tricky part that you need to make sure you get right, otherwise you'll pick the wrong answer. Answers are really long, you have to read them all, and most of the time they all sound right, but one of them, for example, is cost effective or provides a better RTO or RPO. So you need a really deep understanding of AWS and also hands-on experience with AWS. If you guys are planning on the certification, I definitely recommend you take the associate-level certifications first, give yourself enough time, and then prepare well for the pro-level certification.

But this certification is hard for a reason, and companies know that, and AWS designed this to be really, really hard. Since 2000, more than 50 percent of the Fortune 500 companies have been acquired or gone out of business. So the question is why. Well, it's obvious: because of digital transformation. Thomas Siebel, in his book Digital Transformation, talks about four components, cloud computing, AI, big data and IoT, that are going to basically disrupt any company if you don't innovate, if you don't digitally transform at the core. A lot of companies think, "Oh, I have accounting software, so I'm digitally transformed." No, this is basically transformation in context, not at the core. Companies need to spend time, need to invest energy, money and resources in order to innovate so they can compete and stay in business. So this is really, really crucial for businesses, to come up with new ideas and deliver those features as soon as
possible to the end user so they can stay in business and gain bigger market share. So this is basically a big business problem: if companies don't convert digitally, they're going to be in trouble, and I gave you the number, more than 50 since 2000. So those companies need solutions architects in order to help them build those systems, and having the pro-level certification provides this confidence and basically validates your knowledge for those employers, or for those companies if you're a consultant, so they know you are definitely a pro-level person who can help the company build those scalable and amazing systems. If cloud computing is not around, definitely IoT, big data and AI are not possible at the scale that we know today.

So now let's talk about the exam, how to prepare for it, and the conditions and everything. The exam is 180 minutes. You can also activate your 30 minutes extra through accommodation if English is not your first language or you need more time. The exam costs 300; however, if you pass one of the associate level with 150, you will be able to get 50 discount, or if you pass Cloud Practitioner, then you have vouchers. So you can use these vouchers: as you pass the exam, AWS encourages you and gives you a coupon, 50 off, so you can take the next one. That will definitely save you some money.

You can schedule the exam for online proctoring, due to this COVID-19 situation, at your home office. What you need to do once you schedule the exam: you have to download the software, test your system, and make sure you have basically good Wi-Fi, a camera and a speaker, because on the exam day your face will be recorded during the entire session. You're not allowed to leave your desk or leave your computer. Make sure you don't drink a lot of water or coffee two, three hours before the exam. I definitely recommend you schedule the exam for early hours in the morning so you're not
tired. Get enough good sleep, at least I would say nine hours, because you're going to need a lot of mental power to deal with those tough questions.

As far as resources, you can use industry-recognized platforms like A Cloud Guru, Linux Academy and Udemy. I'm not going to promote them, I'm not sponsored by them, but those are really valuable resources that you guys can use at an affordable price. But I would say, in my personal opinion, AWS documentation is probably the best and most accurate place to learn cloud computing.

You can reschedule the exam three times. Remember, after that you're not allowed to reschedule it. Then on the exam date, basically a person will ask you to show the environment and make sure nobody's around you, and you're not allowed to talk to anyone. No cell phone. Make sure you have your IDs with you, and check in early, because the process is going to take at least a few minutes. Let's say you are scheduled for 8:30 in the morning: make sure you dial in at eight and you're comfortable, sitting in the chair, ready at the desk, ready for the exam.

All right, now let's talk about the exam details and the technical topics that you guys need to be really comfortable with, and have basically hands-on experience with these services. So let's start with the core of the solutions architect job and responsibility, which is converting a business requirement to a technical solution. Basically, as a solutions architect, that's your biggest responsibility: to understand the business issue and come up with the best, reliable, cost-effective solution for that business problem.

Fault tolerance and high availability: these are the two topics where you guys need to really, really understand how they work, what they mean, and what it takes to actually build a highly available, for example, web application. So know the difference between high availability and fault
tolerance and disaster recovery. For example, in disaster recovery you'll get questions like: okay, a company is trying to build a disaster recovery solution on AWS, they're running these multiple applications, they want to migrate them, what's the best solution to achieve, for example, an RTO of under two min, under two hours, right? So you have a lot of moving components. As you are reading the question, and this is my personal experience, start drawing all these components in your imagination and think about all the things that you're trying to put together. For example: okay, I have S3 on this part, on the left side I have API Gateway and DynamoDB. Have this as a picture in your head, because otherwise it is really hard to actually comprehend and understand and come up with the best answer in under 2-3 minutes. It is very difficult, so practice the process of remembering the services and putting the icons in your head so you can basically connect them during the exam.

RTO and RPO: a lot of questions are around RTO and RPO. For example, the company is trying to achieve this recovery point objective, and they can afford losing one hour's worth of data, so you come up with the best design and architecture for this problem so they can achieve this result. At the same time, RTO, recovery time objective: a company can't go down at all, it's mission critical, for a health care system, so it needs to stay all the time. So you need to come up with the best architecture based on the tools you have in order to satisfy that need. As a solutions architect in general, in real life, these are real questions. I mean, the company is trying to achieve a goal and needs your help, so you guys need to spend enough time, energy and effort to understand these concepts really well.

AWS Organizations: you will see a lot of organization-related questions
during the exam because it is very important. Imagine at a company they have like 12 AWS accounts, let's say dev, test and production for accounting, dev, test, whatever, for the other problem, and they have a separate billing account, and the security is a problem. So this is a bad practice. AWS Organizations basically helps you organize these accounts and apply basically security rules to them, so you have full control over the activity of all these accounts. You can have SCPs, where you can basically limit the services in a certain account. For example, let's say I don't want my development account and finance to use RDS, for example, right? So you can basically deny that in your SCP. It's different than IAM, so even if you activate IAM in that account it's not going to work, because it's basically overseeing that IAM activity. Also: how to join an account, how to create consolidated billing in order to get the discount level for your reserved instances between the accounts, and all features, which is going to be a lot of things in detail, which I'm going to let you guys read about. So for AWS Organizations, make sure you read the documentation and you do enough research and hands-on that you're comfortable with creating multiple accounts.

Cross-account access: this is really, really important in terms of the exam and also in real life. Let's say you want to give your developers access, for example, to production and an S3 bucket in production. You don't just open it up or give them a username and password to dial into your production. What if they delete, what if they update the wrong bucket or do other stuff? So cross-account access is basically a process of assuming a role in another account that's trusted by, for example, your production account, so your developers can assume that role and update the S3 bucket.

So IAM
policies, groups, user permissions, how to apply those, the difference between identity-based policies and resource-based policies: you guys need to know that and how they work.

You've got to know about AWS support plans, which one supports what. Can you, for example, have 24/7 access to the support team? So make sure you know the difference between the support plans.

Trusted Advisor: you're definitely going to get questions about Trusted Advisor, which is a service that gives you recommendations about security, about cost saving, or limits on your services, which is great. It says, "Hey, you have an EC2 instance, it's a reserved instance, and you're underutilizing this EC2, and you can save, for example, this much." So you get an understanding of basically how to manage your account in a proper manner.

Gateways: you will see questions about file gateway, cached gateway and volume gateway, which basically help your company move your data to the cloud, so it can be used for migration. At the same time, if you don't want to spend and invest money in your local hardware, in a hybrid architecture where you have a VPN tunnel or Direct Connect to your cloud infrastructure, you can use it to extend your file server, for example, to extend your local capacity in terms of storage.

You've got to be very comfortable with Direct Connect and VPN. You have to know that the Direct Connect process, building and getting the service, is a long process. It's not an overnight or over-a-week process; it's going to take time to do that. In Direct Connect you will get basically a dedicated connection between you and AWS, and you will have public VIFs and private VIFs. When we say public, it doesn't mean you can access the internet. Make sure you understand that a public VIF basically allows you to connect to AWS public resources like S3 and DynamoDB, and if you want to connect to your VPC, then you need private VIFs. So
remember, you know, the difference between public VIF and private VIF. For example, you're going to know that Direct Connect is not encrypted; the channel is basically dedicated and you have a lot of bandwidth. If you are moving a lot of data in and out of AWS, it's going to save you money. You've got to know that Direct Connect is an expensive service, but for a company that requires consistent bandwidth and is running mission-critical applications, where there's justification for the cost and that bandwidth is required, then definitely Direct Connect is your option.

At the same time, if you want to have another type of connection to AWS, you can use VPN tunnels, IPsec tunnels, which are really encrypted, right? And you might see the question of how to encrypt traffic in Direct Connect: then you have the Direct Connect connection, but on top of that you have to build VPN tunnels, so it basically encrypts the traffic between your on-prem infrastructure and AWS. You can also use a VPN as a backup for your Direct Connect connection, so in case something happens to Direct Connect, you have another route to go to the cloud, using a technology called BGP, which basically prioritizes the traffic. It says, okay, the cost of traffic with Direct Connect, you set the number to a really, really low amount so it's always preferred, and if it goes down, BGP automatically switches to the other route, which is VPN, and you set it as a higher cost. So basically it's intelligent enough to understand which route is preferred to connect to AWS.

SSM: basically this service is really important. You're going to know how to patch your EC2 instances at scale. Let's say you have a thousand EC2 instances; how do you update the operating system for these instances? Well, you don't log into them one by one, you use something called SSM. You're going to know how to run a command and how to basically set up a
maintenance window.

ELB, application load balancing, and how to use it with microservices and ECS: you're definitely going to get questions about ECS. You can watch my ECS hands-on video; you're going to learn a lot from that video, and I promise if you watch that you're going to be able to answer all of the questions related to ECS. But you're going to know how port mapping works in application load balancing and in elastic load balancing, and the difference between them, and also network load balancing. If you see a huge, sudden spike in your traffic, definitely network load balancing should be your option. If you need, for example, end-to-end encryption, again NLB should be your option, since you are not trying to terminate SSL at the load balancer.

Lambda and basically serverless architecture is a big part of the exam. AWS is trying to push this concept that you should go for managed services rather than building things. If there's a question that's trying to ask you to use RDS, or kind of build a SQL server, for example, on EC2 and manage it, and the company is trying to reduce administration costs, then you should know that you are supposed to use RDS as opposed to building an operating system and installing a database in it, because then you have to update the operating system, you have to upgrade the version of your database, and make sure it's patched and secure. So there's a lot of administration cost.

KMS as the encryption service: you need to know how KMS works. If you need dedicated hardware security, CloudHSM is your option, and you need to know how to make that highly available.

CI/CD: you're definitely going to get questions about CI/CD. You can watch my DevOps Pro video, where I explain all these concepts, and at the same time I have videos on CI/CD in my playlist. Go and take a look at those and you will be able to answer pretty much every single question. CI/CD:
you need to know how CI/CD and deployment strategies work, the difference between blue/green deployment and in-place deployment, and all these different strategies.

In Auto Scaling groups, you need to know basically how to scale a system and how to horizontally add servers, how to distribute traffic between different Availability Zones, and basically how to evenly distribute the traffic.

Route 53 is another one. It's basically a DNS service in Amazon, a managed one. You need to know which ones have, for example, health checks. Let's say you're using a simple routing policy in your Route 53: you need to know if it comes or not with, for example, a health check. So these are the things that you need to know: weighted routing, how to split traffic between regions, reduce latency, and failover. These are the different strategies, and the pros and cons, and how they can be applied to a specific business use case.

DynamoDB and global tables, and how DynamoDB actually works under the hood. DynamoDB Streams: for example, let's say a user goes and updates a profile; then you can create a DynamoDB stream, so it basically triggers on all the changes and tracks all the changes that are happening in your database. For DynamoDB you need to know it's low latency, and you can actually cache the result in front of DynamoDB using DAX and basically serve the traffic faster. That's going to be a very, very fast and high-performing database. You need to know DynamoDB is a NoSQL type of database, and the difference between structured query databases like SQL or MySQL, MariaDB and the other ones, and non-SQL, NoSQL databases.

S3: it's basically object-level storage. There's no hierarchy in it; basically, when you save the files in different folders you see them as a folder, but S3 is basically a flat storage service. You need to know the reliability and the different classes in S3. You need to know
how S3 can be used with CloudFront, which is a CDN, a content delivery network, in order to serve the static content of, let's say, that application around the globe very fast. Let's say you're streaming videos and you want to serve those everywhere in different locations; you need to know how CloudFront can be integrated with S3. You need to know S3 events, how to secure S3, how bucket policies work, how to serve a static website through S3, and how versioning works in S3. Basically, you can keep track of versions and you can apply lifecycle policies to different versions. Let's say you want to store your backups in S3, and those backups can go, for example, to Infrequent Access, because you don't know when a disaster is going to happen, so you can save money on storage. Then you can have versioning enabled, so every week that you upload a new version of your backup to S3 it will basically keep the old version, and you have the new versions available as well. But over time you're going to store a lot of files, since you're enabling versioning in your S3 bucket, and you're going to incur a lot of cost. The way you avoid that is by setting up a lifecycle policy. You set up a lifecycle policy and you say, "Hey, every 40 days, every 60 days, every 90 days, go through my bucket, move some to Glacier, remove some of these files, so I can save more money." So you need to optimize; you need to know how exactly S3 buckets operate.

RDS, which is basically a managed relational database service: AWS takes care of all the underlying infrastructure so you can just focus on your database. You need to know how to do snapshots and all the details regarding RDS.

Secrets Manager and Parameter Store: how to save secrets between the applications. You don't want to hard-code the username and password in the application, and the exam will test you on those concepts.

DMS, Database Migration Service: for example, from MySQL to MySQL, from on-prem MySQL to
MySQL, that can be done through DMS, where AWS spins up a replication instance in a VPC and basically uploads all your data from the local database to the cloud database, and you can keep it in sync until it's time for migration. So you have the ability to keep the replication of those databases live through DMS. But if you are migrating, for example, from Oracle to Amazon Aurora with, let's say, Postgres compatibility, then you need to use a tool called SCT. It's basically a schema tool that converts and prepares the data schema, because you are going from one vendor to another one. So you need to know the difference and when to use the schema service.

AWS GuardDuty, AWS Inspector: you need to know Inspector is agent-based; basically it needs to run on an EC2.

We talked about Direct Connect, but let's talk a little bit about VPC peering, and that's how you connect VPCs. You need to know that Transit Gateway can be used in order to reduce the administration and the number of VPN tunnels that you're going to create, and connect the infrastructure to, for example, VPCs, or traffic between the VPCs. You need to know NAT gateways and how to build basically a central NAT gateway system.

VPC endpoints and interface endpoints: you're going to get questions about VPC endpoints. For example, a company is trying to access important and sensitive information in S3 through the web application, but they don't want to use the public internet to hit the S3 bucket. So what do they do? They use a VPC endpoint, which provides private routing to your S3 bucket. That can be, for example, a scenario. And then you can also use interface endpoints; they basically give you the ability to inject any service into your VPC.

Definitely make sure you have a very clear understanding of reserved instances and when to use them: when there's a commitment and the company is trying to use this application for
three years, so it's better to sign up for reserved instances so you can save money. And then of course, if on, I don't know, Black Friday the sales go up and they need more instances, then you can combine that with on-demand instances, because on-demand is good for those types of situations. If you have a batch job, for example processing a bunch of batch, and it can be interrupted and you don't care, you can pick it up when it's ready, then spot instances can be a good candidate, because you can save a lot of money using spot instances. So make sure you are very, very comfortable with the AWS billing model for EC2 instances and when to use them.

You need to know all the EC2 instance types: when to use compute-intensive, when to use, for example, memory-intensive, and when to use, for example, general purpose. For databases, you need to make sure you have a very clear understanding of the different classes of instances in AWS.

EBS volumes: EBS volumes are very important, and how you can apply them to a specific scenario. They are basically network-based volumes, and they're slower than an instance volume, right? So if you want to achieve really, really high I/O, over 64,000 IOPS, you definitely need to use instance volumes. But for EBS volumes you need to know how much IOPS you can get.

One thing I want to mention is about the limits. You need to know a lot of limits in the exam. For example, if you hit API Gateway and you want to wait for three minutes to get a response, API Gateway is not going to work. So you need to know all the limitations in your account, like how many users can be created in an AWS account. There's actually a page in AWS that describes all these limitations really well.

EFS, Elastic File System, can be used with thousands of instances. It's basically shared storage between the EC2 instances.

You definitely need to
know about Elastic Beanstalk and how to deploy. You need to know it's a platform as a service, and you can deploy a lot of different applications, like Java, Python, Go, into Elastic Beanstalk, and of course Docker, and you can do multi-Docker in one instance.

DDoS protection is another topic. You need to know how to mitigate DDoS attacks, how to scale, how to absorb the attack, how to use Route 53 in order to basically distribute the traffic between different AZs, and how to scale during that time. You've got to know that, for a DDoS attack, all the AWS accounts come with something called AWS Shield, but if you want advanced protection, you get a response team, and basically they reimburse you for the cost that you incurred during the attack. You also need to know how WAF can be used. Web Application Firewall is not for DDoS protection; it's for, for example, application-layer attacks like SQL injection and cross-site scripting.

AWS Service Catalog: basically, let's say you have a team and they're not familiar with AWS, but they need you to give them a platform so they can launch different, for example, WordPress sales websites for the company. Since the users are not familiar with AWS services, you need to architect and build this using different components of AWS, and then give them access to Service Catalog, and you tell them, "Hey, go to Service Catalog and launch your application, don't worry about how it works." Right, this is how the AWS catalog can be used.

As far as compliance, AWS Config can basically track your account and make sure your account is compliant. For example, let's say you have a regulation that all your S3 buckets need to stay private, and if someone goes and creates a public S3 bucket, AWS Config can basically identify that and, using the Config rules, actually can do some preventive actions, but it will notify you so you know you are not compliant. So let's say you
want to make sure all your instances don't allow a port, for example SSH: you can do that using compliance, and then of course notify your security team.

Step Functions: you need to know the difference between Step Functions and SWF, which is Simple Workflow Service.

ElastiCache: you need to know the difference between Memcached and Redis. Redis is the advanced one, which is used in regular and real-life applications. Memcached is a little bit simpler; it supports very simple data structures. But you need to know the difference, which one supports backup, which one doesn't, and things like that.

EMR, Elastic MapReduce: when you hear about big data and processing a lot of data in AWS, you should be thinking about EMR. You can run, for example, Apache Spark, which is an in-memory big data tool, on top of AWS. AWS manages the underlying infrastructure, so you can focus on processing your big data.

SQS, which is a queue system, is where you can decouple your applications. For example, let's say in a banking web application you go to the website, you put in the request, you want to, for example, transfer money. It goes to a queue and it sits there until another server comes and picks it up and processes it for you. This is how you decouple the applications, so you can basically adjust the scaling between the applications, and users don't have to wait for the response.

SNS is a very important topic. You can subscribe to topics and basically distribute messages between different endpoints, such as text messaging, email and HTTP endpoints.

Kinesis: AWS Kinesis is an amazing service. You need to know the difference between Kinesis Firehose and Kinesis Data Streams. If you are looking into, for example, a real-time data analysis and data streaming pipeline, definitely Kinesis streams should be your option, not Kinesis Firehose, since for Kinesis Firehose the minimum is 60 seconds, so
that's the minimum interval you can get out of Kinesis Firehose. You need to know how Kinesis can be, for example, integrated with an IoT project. You can stream a lot of information from millions of devices around the globe to a Kinesis stream, and the Kinesis stream can deliver those to different, for example, sources in AWS. You need to know the destinations for Kinesis Firehose, though.

Placement groups: you need to know the difference, for example, between cluster and partition, and when you want to do high-performance computing, a placement group should be your option.

Federation: you have to know pretty much everything about federation, and how to integrate, for example, your mobile application with third-party identity providers like Google, Facebook, Amazon and things like that. You need to know how to integrate that with basically your Active Directory in the corporate network, and basically use AWS SSO in order to access different accounts.

AWS Snowball: if you're moving a lot of information to AWS and you have very low-speed internet, one of the answers should probably be AWS Snowball. You also have Snowmobile; you need to know the difference between those services as well.

ECS and ECR: these are the things that you need to know. Definitely, again, watch the video that I have regarding application deployment to Elastic Beanstalk, my DevOps Pro video, and also the ECS and CI/CD videos. These four videos will help you a lot during the exam.

Lambda: don't forget about it. CloudWatch and CloudTrail: know the difference between CloudWatch and CloudTrail. CloudTrail is basically for auditing purposes. API Gateway is one of them: make sure you know all the limits, the error types, what can go wrong, and how it can be integrated with Lambda and DynamoDB, the classic AWS serverless application. I do have another video you can watch, where I
build an application, a serverless application.

Redshift: remember, if you're looking for a data warehouse, Redshift should be your option. It basically queries based on columns, not rows; that's why it's so fast.

So you need to know basically pretty much all the details about a lot of services in AWS Certified Solutions Architect Professional. This is a very valuable and rewarding certification. I definitely encourage you to spend time and energy on this certification, because it will open up a lot of opportunities in your career, and you will definitely enjoy building a lot of awesome, reliable, scalable, secure systems on AWS. Let me know if you have any questions in the comment section; I would love to hear from you guys. Don't forget to like this video and subscribe to my channel, and I hope to see you guys soon. Bye.
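
The SCP behaviour described in the AWS Organizations part of the talk (an SCP that denies RDS keeps working even when IAM in the member account allows it), as an added example that is not from the video. It is a simplified model of policy evaluation over constructed policies, assuming action matching only; resources, conditions and permission boundaries are left out.

```python
"""Simplified model of how an SCP bounds what IAM can grant in a member account.

Added illustration with constructed policies. This is not AWS's evaluation
engine: only the Effect and Action elements are modelled.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    """Policy elements may be a single string/dict or a list of them."""
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    """Action names are case-insensitive and may use * and ? wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _decision(policies, action):
    """Return 'Deny', 'Allow' or 'NoMatch' for one layer of policies."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _action_matches(stmt["Action"], action):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny always wins
            allowed = True
    return "Allow" if allowed else "NoMatch"


def is_allowed(scps, iam_policies, action):
    """A request passes only if the SCP layer AND the IAM layer both allow it."""
    scp = _decision(scps, action)
    iam = _decision(iam_policies, action)
    if scp == "Deny":
        return False, "explicit deny in SCP"
    if iam == "Deny":
        return False, "explicit deny in IAM policy"
    if scp != "Allow":
        return False, "not allowed by any SCP"
    if iam != "Allow":
        return False, "not allowed by any IAM policy"
    return True, "allowed by SCP and IAM"


# Constructed sample policies (hypothetical account setup).
FULL_ACCESS_SCP = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
DENY_RDS_SCP = {"Statement": [{"Effect": "Deny", "Action": "rds:*"}]}
DEV_SCPS = [FULL_ACCESS_SCP, DENY_RDS_SCP]

# IAM policies attached to principals inside the development account.
DEV_ADMIN_IAM = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
S3_ONLY_IAM = {"Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"]}]}


if __name__ == "__main__":
    checks = [
        ("admin", [DEV_ADMIN_IAM], "rds:CreateDBInstance"),
        ("admin", [DEV_ADMIN_IAM], "s3:GetObject"),
        ("s3-only", [S3_ONLY_IAM], "ec2:RunInstances"),
    ]
    for who, iam, action in checks:
        ok, reason = is_allowed(DEV_SCPS, iam, action)
        print(f"{who:8} {action:24} {'ALLOW' if ok else 'DENY':5} {reason}")
```

An SCP never grants anything by itself, which is why the S3-only principal is still refused `ec2:RunInstances` even though the SCP layer allows every non-RDS action. SCPs also do not restrict the organization's management account, so a deny like this one protects member accounts only.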
